1. Field of the Invention
The present invention relates to a system and method for controlling access to multiple public networks and for controlling access to multiple private networks.
2. Background Information
The Internet is fast becoming the primary platform for global commerce and communications. The ease of communication that encourages the Internet's growth also makes it difficult to ensure the security of Internet transactions. Users of the Internet require mechanisms that guarantee the integrity of the information they transmit over the Internet and provide the same level of trust as paper-based transactions.
Before committing sensitive communications to the Internet, users require specific assurances. Firstly, electronic transactions need to be confidential and protected from tampering. Secondly, they need to be able to trust that participants are who they claim to be. Lastly, they want to be assured that no one can deny their involvement in a transaction after the fact.
Public key cryptography uses a mathematical algorithm, or key, to encrypt data, and a related mathematical key to decrypt the data. Authorized users of public key cryptography receive encryption software and a key pair. The keys in a key pair are related so that a message encrypted with a user's public key can only be decrypted using the corresponding private key. One key is an accessible public key, and the other key is a private key that the user must keep secret. In Public key cryptography, public keys are published in electronic directories.
Known encryption key pairs include asymmetric key pairs and symmetric key pairs. In asymmetric key encryption, the encryption and decryption keys are different and the keys are the same in symmetric key encryption. An example of asymmetric key encryption is Public Key Infrastructure (PKI).
Public Key Infrastructure (PKI) comprises a framework of policies, services, hardware, and encryption software that is based on the use of public key cryptography. The asymmetric key pairs of PKI include a public key and a private key. In use, A desires to send a message to B. The public key of B is distributed to A. A uses the public key to encrypt the message sent to B. When the encrypted message is received by B, it is decrypted with the private key held by B. The opposite is true as well. Data encrypted with a private key can be decrypted with the use of the public key. This inhibits unauthorized decryption of data.
A disadvantage of PKI is that since it is dependent upon private and public keys, designing and building full-featured PKI is difficult. There are significant interoperability and management challenges associated with PKI. Another disadvantage of PKI is the administration and management of certificates.
In symmetric encryption, both parties share a set of encryption keys, i.e. the same key is used to encrypt and decrypt data. This encryption method is also known as “shared key encryption”. In use, A uses a predetermined encryption key to encrypt a message to be sent to B. A sends the encrypted message to B. B uses the same encryption key to decrypt the message.
A disadvantage of public key encryption is that it may be vulnerable to “Man-In-The-Middle” (MITM) attacks, since the possessors of the keys may be unable to verify the identity of each other. In an MITM attack, an interceptor uses its own public key, instead of the target's public key, for asymmetric encryption. This allows the interceptor to decrypt confidential data that is intended for the target.
Another known method of obtaining unauthorized access to encrypted data is a “replay” attack. In a replay attack, an attacker may directly use an authentication key, such as a session ID in a URL cookie. The attacker uses the authentication key to obtain or create service to a user's account, while bypassing normal user authentication, such as logging in to the account with the appropriate username or password.